diff --git a/support/iam/src/basic/serv/iam_cert_serv.rs b/support/iam/src/basic/serv/iam_cert_serv.rs
index 07b592fd3..609c599cd 100644
--- a/support/iam/src/basic/serv/iam_cert_serv.rs
+++ b/support/iam/src/basic/serv/iam_cert_serv.rs
@@ -588,9 +588,11 @@ impl IamCertServ {
         cert_supplier: Vec<String>,
         cert_conf_id: Option<String>,
         tenant_id: &str,
+        ldap_dn: bool,
         funs: &TardisFunsInst,
         ctx: &TardisContext,
     ) -> TardisResult<RbumCertSummaryWithSkResp> {
+        let ldap_cn = !ldap_dn;
         let mut is_ldap = false;
         let rbum_cert_filter_req = if let Some(cert_conf_id) = cert_conf_id {
             let cert_conf = RbumCertConfServ::get_rbum(
@@ -635,7 +637,7 @@ impl IamCertServ {
         if let Some(ext_cert) = ext_cert {
             Ok(RbumCertSummaryWithSkResp {
                 id: ext_cert.id,
-                ak: if is_ldap { IamCertLdapServ::dn_to_cn(&ext_cert.ak) } else { ext_cert.ak },
+                ak: if is_ldap && ldap_cn { IamCertLdapServ::dn_to_cn(&ext_cert.ak) } else { ext_cert.ak },
                 sk: "".to_string(),
                 sk_invisible: ext_cert.sk_invisible,
                 ext: ext_cert.ext,
diff --git a/support/iam/src/console_interface/api/iam_ci_cert_api.rs b/support/iam/src/console_interface/api/iam_ci_cert_api.rs
index a7e831fc1..bfe88aa44 100644
--- a/support/iam/src/console_interface/api/iam_ci_cert_api.rs
+++ b/support/iam/src/console_interface/api/iam_ci_cert_api.rs
@@ -70,6 +70,9 @@ impl IamCiCertApi {
     /// Find Cert By Kind And Supplier
     ///
     /// if kind is none,query default kind(UserPwd)
+    /// - `supplier` is only used when kind is `Ldap`
+    /// - `ldap_origin` is only used when kind is `Ldap` and default is false.
+    /// when true,return ak will be original DN
     #[oai(path = "/:account_id", method = "get")]
     async fn get_cert_by_kind_supplier(
         &self,
@@ -77,6 +80,7 @@ impl IamCiCertApi {
         kind: Query<Option<String>>,
         tenant_id: Query<Option<String>>,
         supplier: Query<Option<String>>,
+        ldap_origin: Query<Option<bool>>,
         ctx: TardisContextExtractor,
         request: &Request,
     ) -> TardisApiResult<RbumCertSummaryWithSkResp> {
@@ -96,8 +100,8 @@ impl IamCiCertApi {
         } else {
             None
         };
-
-        let cert = IamCertServ::get_cert_by_relrubmid_kind_supplier(&account_id.0, &kind, vec![supplier], conf_id, &true_tenant_id.unwrap_or_default(), &funs, &ctx.0).await?;
+        let ldap_DN = ldap_origin.0.unwrap_or_default();
+        let cert = IamCertServ::get_cert_by_relrubmid_kind_supplier(&account_id.0, &kind, vec![supplier], conf_id, &true_tenant_id.unwrap_or_default(), ldap_DN,&funs, &ctx.0).await?;
         ctx.0.execute_task().await?;
         TardisResp::ok(cert)
     }